1DHEX(1) BSD General Commands Manual DHEX(1)
2
4 dhex — hex editor with a diff mode
5
7 dhex [-x]
8 dhex [-h] [-v] [-g] [-k] [-ab -ad -ah -ao base address] [-f config-file]
9 [-m marker-file] [-ob -od -oh -oo offset] [-r searchlog]
10 [-sa -sab string (ascii)] [-sh -shb string (hex)] [-w searchlog]
11 [file]
12 dhex [-h] [-v] [-g] [-k] [-a1b -a1d -a1h -a1o base address 1]
13 [-a2b -a2d -a2h -a2o base address 2] [-cb] [-cd upper-limit] [-cl]
14 [-f config-file] [-m marker-file] [-o1b -o1d -o1h -o1o offset1]
15 [-o2b -o2d -o2h -o2o offset2] [-r1 searchlog1] [-r2 searchlog2]
16 [-s1a -s1ab -s1h -s1hb string (ascii/hex)]
17 [-s2a -s2ab -s2h -s2hb string (ascii/hex)] [-w1 searchlog1]
18 [-w2 searchlog2] [file1 file2]
19
21 dhex is a hex editor. It can be used to alter individual bytes in large
22 files. Since it is a text-mode programm based on ncurses, it can run in
23 numerous scenarios. Its special feature is the diff mode: With it, the
24 user has a visual tool for file comparison. This mode is invoked when
25 dhex is called with two instead of one file as parameters.
26
28 All the options are case-insensitive and can be given as either upper- or
29 lowercase characters.
30 -ab -ad -ah -ao base address
32 After loading a file, every address gets a base address other
33 than 0. With this, it is easier to work on partial memory
34 dumps. The base address can be given as a binary one with
35 [-ab] , as a decimal one with [-ad] , as a hexadecimal one
36 with [-ah] or an octal with [-ao].
37 -a1b -a1d -a1h -a1o base address 1
39 -a2b -a2d -a2h -a2o base address 2
41 For the diff mode, it is possible to set two different base
42 addresses. Again, a binary address can be given as [-a1b
43 -a2b] , as decimal one with [-a1d -a2d] , as hexadecimal one
44 with [-a1h -a2h] or an octal one with [-a1o -a2o].
45 This base address is calculated into the marker files as well
47 as the searchlogs.
48 -cb -cl Diff mode only: The input files can be correlated from the
50 command line with the best -cb or longest -cl match. This is
51 very slow.
52 -cd upper-limit
54 Diff mode only: The input files can be correlated from the
55 command line with the minimum difference. To improve the cor‐
56 relation speed, an upper limit can be provided.
57 -f configfile
59 Usually, .dhexrc is being read from the invoker's home direc‐
60 tory. With this parameter, any other config file can be
61 loaded. See dhexrc(5) for a description of its file format.
62 -g Shows the license
64 -x Starts the hexcal
66 -h Shows the help screen
68 -k Starts the keyboard setup manually before any file is being
70 loaded. This is very helpful when calling dhex from an exotic
71 terminal.
72 -m markerfile
74 It is possible in dhex to set bookmarks and store them in a
75 markerfile for later use. With this parameter, the markerfile
76 is being read at start time, making it unnecesarry to read
77 them later through the gui. Their file format is described in
78 dhex_markers(5).
79 -ob -od -oh -oo offset
81 After loading a file, the cursor is set to 0, and the first
82 page of bytes is being shown on the screen. With one of those
83 parameters it is possible to start at any other location in
84 the file. The cursorposition could be given as a binary num‐
85 ber with [-ob] , as a decimal one with [-od] , as a hexadeci‐
86 mal one with [-oh] or an octal with [-oo].
87 -o1b -o1d -o1h -o1o offset1
89 -o2b -o2d -o2h -o2o offset2
91 For the diff mode, it is possible to set two different cur‐
92 sorpositions at start time. Again, the cursorpositions can be
93 given as a binary number with [-o1b -o2b] , as decimal one
94 with [-o1d -o2d] , as hexadecimal one with [-o1h -o2h] or an
95 octal one with [-o1o -o2o].
96 This way, the first few bytes in a file can be skipped, and
98 just the rest can be compared.
99 -r searchlog
101 When searching from the command line, the offsets are being
102 read from this searchlog. Its format is being decribed in
103 dhex_searchlog(5).
104 -r1 searchlog1
106 -r2 searchlog2
108 When searching in two files simultanously, the offsets can be
109 read from two different searchlogs.
110 -sa -sab -sh -shb string
112 Instead of setting the cursor offset to an absolute value, it
113 is possible to search for a specific string from the command
114 line. If there is an additional [-ob -od -oh -oo offset]
115 present, the search will start there. It is possible to read
116 and write search logs with [-r searchlog] and [-w searchlog]
117 respectively. With [-sa string] is being interpreted as
118 ASCII. [-sh string] interprets it as hex. For backwards
119 search, [-sab string] or [-shb string] can be applied.
120 -s1a -s1ab -s1h -s1hb string1
122 -s2a -s2ab -s2h -s2hb string2
124 In the diff mode, it is possible to search for two strings in
125 two files simultanously.
126 -v Prints out the version of dhex.
128 -w searchlog
130 When searching from the command line, write the results into
131 this searchlog and quit. It is being written in the format
132 described in dhex_searchlog(5.)
133 -w1 searchlog1
135 -w2 searchlog2
137 When searching in two files simultanously, write the results
138 from both searches into those log files.
139
141 General
142 Menus have hotkeys, they are being presented in a different color. To
143 jump from one menu item to the next, the cursor keys or the TAB key can
144 be used.
145 Input fields can be closed by pressing ESC, ENTER, or any cursor key.
147 Only pressing ESC will not save the changes made in there.
148 The keyboard setup
150 When running dhex for the first time, without any configfile present, or
151 with the parameter -k, the first screen shown is that of the keyboard
152 setup. In this screen, the program asks the user to press certain keys.
153 Which are (in order) ESCAPE, F1, F2, F3, F4, F5, F6, F7, F8, F9, F10,
154 BACKSPACE, DEL, ENTER, TAB, UP, DOWN, RIGHT, LEFT, PG UP, PG DOWN, HOME,
155 END. It also tells the user what it intends to do with those keys later.
156 So the user can decide on any alternative he chooses. If he does not
157 want to bind a specific function to a certain key, he can simply press
158 ESCAPE and skip to the next question.
159 After pressing all the keys, the user can chose whether or not to write
161 those keys into the config file.
162 The main screen
164 The main screen is broken down into three columns: The first column con‐
165 tains the offset within the file for the current line. The second column
166 contains the bytes in the file in hex format. Finally, the third coumn
167 contains the same bytes, but this time in ascii format. If a byte is not
168 printable, it is being substituted with a '.'. How many bytes are are
169 being shown in a line depends on the width of the terminal. For example,
170 if the terminal is 80 characters wide, 16 bytes are being shown in each
171 line.
172 If no other [-o] or [-a] parameter was given at start time, the cursor is
174 being set to offset 0. It is also being shown in the hex column. Here, it
175 can be moved with the cursor keys. When entering a hexadecimal number,
176 the file is being edited. The file can be edited in the ascii column as
177 well, simply by pressing the TAB key (or whichever key was substituted
178 for it in the keyboard setup). Pressing TAB again will return the cursor
179 to the hex column. Pressing F9 (or its substitute) will undo the last of
180 the changes. Changes are being shown in a differnt color.
181 Editing is not possible in the diff mode. Here, pressing the cursor keys
183 will move both files synchronously.
184 The goto screen
186 Pressing F1 (or its substitute) will open the Goto... screen. Here, it is
187 possible to jump to a specific address directly, without the need of
188 scrolling there with the cursor keys. The address can be entered in the
189 'To' field, either absolute or relative (to leap over a specified amount
190 of bytes). An absolute address is being chosen by pressing '=', and a
191 relative one by pressing '+' or '-', for a positive or negative leap
192 respectively. Regardless of the adressing mode, it has to be entered as a
193 hexadecimal number.
194 It is also possible to set up to ten bookmarks in this screen: Pressing
196 '0'...'9' will select one of them. Moving the cursor to "Set" and press‐
197 ing ENTER will alter one of those book marks. The "Diff:" fields are
198 showing the difference between the actual cursor position and the book‐
199 mark.
200 Bookmarks can be stored and loaded, for this there are the "Save Markers"
202 and "Load Markers" items on the bottom. Upon selecting one of them, the
203 user is being prompted for a filename. It is possible to load a marker
204 file at start time, by providing the [-m markerfile] parameter.
205 dhex_markers(5) describes the format of the marker files.
206 Searching
208 Pressing F2 (or its subsitute) will open the Search... screen. Here, a
209 short string can be entered (either in hex, or in ascii). If no logfiles
210 are being selected, the cursor will jump to the next occurance of this
211 search string upon selection of "Go". It can be chosen if the search is
212 supposed to be conducted forward of backwards.
213 To jump to the next occurance, F3 (or its substitute) has to be pressed.
215 To jump to the previous one, F4 has to be pressed. The search itself
216 wraps at the edges of the file, meaning that when it reaches the end, it
217 will start from the beginning and vice versa.
218 Searchlogs are an advanced way of searching: Writing to the searchlog
220 does not jump the cursor from one occurance to the next. Instead, it will
221 write the offsets of all of them into the logfile. Their format is
222 described in dhex_searchlog(5).
223 Reading from this searchlog means that the search does not cover the
225 whole file: Only the addresses which have been provided in this file are
226 being searched. Thus it is possible to search for specific changes. Like
227 for example the number of lives stored in the save file of a game.
228 dhex_searchlog(5) describes the format of the searchlog.
229 HexCal
231 Pressing F5 (or its substitute) will open a small 64 bit calculator. This
232 calculator is capable of not only performing arithmetic operations (+,
233 -, *, /, modulo), but also logic ones. (and, or, xor, shift). There are
234 three columns to enter numbers as hexadecimals, decimals or in binary
235 format. Pressing 'x' will close this screen. Using the command line argu‐
236 ment [-x] will start it from the commandline.
237 Correlation
239 When dhex(1) is running in diff mode, pressing F6 (or its substitute)
240 will open the dialog for file correlation. This will try to find the
241 optimal offset between the two files. There are three algorithms avail‐
242 able for finding this offset: Searching for the best match (as many bytes
243 as possible are the same), the longest match (as many consecutive bytes
244 match as possible), or the minimum difference (as little differences
245 between the bytes as possible).
246 Even though it seems like the same at first, looking for the minimum dif‐
248 ference is in fact faster. This can be improved even more, if the user
249 sets an upper difference limit.
250 Upon selecting Go, the program will search for the optimal offset. This
252 will take some time.
253 Saving and quitting
255 Pressing F10 (or its substitute) will close dhex. In case there have
256 been changes made to the file, a save dialog opens up. Here, it is possi‐
257 ble to select whether or not to write the changes back into the file.
258
260 $HOME/.dhexrc: The default location of the config file. If the $HOME-
261 variable is not set, its location has to be provided manually.
262
264 Report bugs to <dettus@dettus.net>. Make sure to include DHEX somewhere
265 in the subject.
266
268 Written by Thomas Dettbarn
269
271 dhexrc(5), dhex_markers(5), dhex_searchlog(5)
272BSD Jan 19, 2019 BSD